[tor-bugs] #23446 [Applications/Tor Browser]: Write a guidelines documentation for requirements with Tor integration
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Sep 9 18:33:23 UTC 2017
#23446: Write a guidelines documentation for requirements with Tor integration
------------------------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
I heard that one of the discussions in the Montreal meeting was
"Encouraging Tor integration by third parties" which spawned for me the
idea that there must be some guidelines documentation the requirements
that should be met for each use case. For example for browsers (where
integrating Tor is a goal with Brave in private browsing and it has been
suggested by the (ex?)-CEO of Mozilla) among the requirements I can think
of,
1. Having the user agent the same as the Tor Browser (Otherwise
fingerprinting would be easy).
2. Stream isolation should be enforced, otherwise a single exit can watch
all traffic.
3. First party isolation should be enforced.
5. ...etc
Of course there's already the Tor Browser design documentation, but it
doesn't address this question directly, and more importantly those folks
don't want to make an alternative Tor Browser, rather just a "Tor mode" to
their private browsing that can enable true privacy by design.
What do you think of such an idea?
Note that this finds its parallel with little-t-tor in another ticket that
I couldn't find about alternative implementations of the tor client.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23446>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list